nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c1b9938e96
selinux-refpolicy/config/appconfig-mls
History
Harry Ciao c1b9938e96 Fix cron job process' domain during system booting up. 
When SELinux user system_u starts crond during system booting up, its
cron job process should be in the system_cronjob_t domain, which has
the required entrypoint permission on system crontab files labeled as
system_cron_spool_t. Otherwise we can run into below error messages:

Jan 31 08:40:53 QtCao crond[535]: (system_u) Unauthorized SELinux context (/etc/crontab)
Jan 31 08:40:53 QtCao crond[535]: (system_u) Unauthorized SELinux context (/etc/cron.d/sysstat)

The weird thing is that the getdefaultcon command even can not fetch
"system_r:cronjob_t:s0" but "system_r:logrotate_t:s0" ! After fixing
default_contexts files the getdefaultcon command could properly fetch
"system_r:system_cronjob_t:s0" :

root@QtCao:/root> getdefaultcon system_u system_u:system_r:crond_t:s0
system_u:system_r:logrotate_t:s0
root@QtCao:/root>
root@QtCao:/root> grep crond_t /etc/selinux/refpolicy-mls/contexts/default_contexts
system_r:crond_t:s0		user_r:cronjob_t:s0 staff_r:cronjob_t:s0 sysadm_r:cronjob_t:s0 system_r:system_cronjob_t:s0 unconfined_r:unconfined_cronjob_t:s0
root@QtCao:/root>
root@QtCao:/root> getdefaultcon system_u system_u:system_r:crond_t:s0
system_u:system_r:system_cronjob_t:s0
root@QtCao:/root>

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2011-02-01 10:41:43 -05:00
..
dbus_contexts trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
default_contexts Fix cron job process' domain during system booting up. 2011-02-01 10:41:43 -05:00
default_type trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
failsafe_context trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
guest_u_default_contexts trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
initrc_context trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
media trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
removable_context trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
root_default_contexts trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
securetty_types trunk: missed UBAC change: update securetty_types for merged user tty type. 2009-06-01 17:41:34 +00:00
sepgsql_contexts Add sepgsql_contexts into appconfig-* 2011-01-04 13:27:40 -05:00
seusers trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
staff_u_default_contexts trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
unconfined_u_default_contexts trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
user_u_default_contexts trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
userhelper_context trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
x_contexts X Object manager policy revisions to x_contexts. 2009-10-28 10:03:35 -04:00
xguest_u_default_contexts trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00